[SCM] Samba Shared Repository - branch master updated
Andrew Bartlett
abartlet at samba.org
Thu Oct 20 05:01:01 UTC 2022
The branch, master has been updated
via 50cbdecf2e2 tests/krb5: Add test requesting a TGT expiring post-2038
via 67811e121fb tests/krb5: Add test requesting a service ticket expiring post-2038
from eb2f3526032 s4:ldap_server: let ldapsrv_call_writev_start use conn_idle_time to limit the time
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 50cbdecf2e276e5f87b9c2d95fd3ca86d11a08e2
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Thu Oct 20 12:36:44 2022 +1300
tests/krb5: Add test requesting a TGT expiring post-2038
This demonstrates the behaviour of Windows 11 22H2 over Kerberos,
which changed to use a year 9999 date for a forever timetime in
tickets.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15197
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Thu Oct 20 05:00:23 UTC 2022 on sn-devel-184
commit 67811e121fbef08337675d473390160793544719
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Tue Oct 4 12:25:08 2022 +1300
tests/krb5: Add test requesting a service ticket expiring post-2038
Windows 11 22H2 performs such requests, with year 9999.
The test fails with KDC_ERR_BAD_INTEGRITY on older
Heimdal versions, which are unable to verify a checksum
over the modified request body (due to a re-encoding failure).
REF: https://github.com/heimdal/heimdal/issues/1011
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15197
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
-----------------------------------------------------------------------
Summary of changes:
python/samba/tests/krb5/as_req_tests.py | 13 +++++++++++--
python/samba/tests/krb5/kdc_tgs_tests.py | 14 ++++++++++++++
2 files changed, 25 insertions(+), 2 deletions(-)
Changeset truncated at 500 lines:
diff --git a/python/samba/tests/krb5/as_req_tests.py b/python/samba/tests/krb5/as_req_tests.py
index 6a573947067..6b3b5ad4a22 100755
--- a/python/samba/tests/krb5/as_req_tests.py
+++ b/python/samba/tests/krb5/as_req_tests.py
@@ -47,7 +47,7 @@ class AsReqBaseTest(KDCBaseTest):
expected_cname=None, sname=None,
name_type=NT_PRINCIPAL, etypes=None,
expected_error=None, expect_edata=None,
- kdc_options=None):
+ kdc_options=None, till=None):
user_name = client_creds.get_username()
if client_account is None:
client_account = user_name
@@ -71,7 +71,8 @@ class AsReqBaseTest(KDCBaseTest):
expected_sname = sname
expected_salt = client_creds.get_salt()
- till = self.get_KerberosTime(offset=36000)
+ if till is None:
+ till = self.get_KerberosTime(offset=36000)
if etypes is None:
etypes = client_as_etypes
@@ -516,6 +517,14 @@ class AsReqKerberosTests(AsReqBaseTest):
sname=wrong_krbtgt_princ,
expected_error=KDC_ERR_S_PRINCIPAL_UNKNOWN)
+ # Test that we can make a request for a ticket expiring post-2038.
+ def test_future_till(self):
+ client_creds = self.get_client_creds()
+
+ self._run_as_req_enc_timestamp(
+ client_creds,
+ till='99990913024805Z')
+
if __name__ == "__main__":
global_asn1_print = False
diff --git a/python/samba/tests/krb5/kdc_tgs_tests.py b/python/samba/tests/krb5/kdc_tgs_tests.py
index f57df85bfcd..e64135249db 100755
--- a/python/samba/tests/krb5/kdc_tgs_tests.py
+++ b/python/samba/tests/krb5/kdc_tgs_tests.py
@@ -2334,6 +2334,18 @@ class KdcTgsTests(KDCBaseTest):
self._run_tgs(tgt, expected_error=(KDC_ERR_TGT_REVOKED,
KDC_ERR_C_PRINCIPAL_UNKNOWN))
+ # Test making a TGS request for a ticket expiring post-2038.
+ def test_tgs_req_future_till(self):
+ creds = self._get_creds()
+ tgt = self._get_tgt(creds)
+
+ target_creds = self.get_service_creds()
+ self._tgs_req(
+ tgt=tgt,
+ expected_error=0,
+ target_creds=target_creds,
+ till='99990913024805Z')
+
def _modify_renewable(self, enc_part):
# Set the renewable flag.
enc_part = self.modify_ticket_flag(enc_part, 'renewable', value=True)
@@ -2704,6 +2716,7 @@ class KdcTgsTests(KDCBaseTest):
sname=None,
srealm=None,
use_fast=False,
+ till=None,
expect_pac=True,
expect_pac_attrs=None,
expect_pac_attrs_pac_request=None,
@@ -2813,6 +2826,7 @@ class KdcTgsTests(KDCBaseTest):
cname=None,
realm=srealm,
sname=sname,
+ till_time=till,
etypes=etypes,
additional_tickets=additional_tickets)
if expected_error:
--
Samba Shared Repository
More information about the samba-cvs
mailing list